Updated tier badges in SAST documentation

ead32821 · Russell Dickenson · Amy Qualls · 586f09e4 · ead32821 · ead32821
Commit ead32821 authored Jul 29, 2020 by Russell Dickenson Committed by Amy Qualls Jul 29, 2020
Showing with 75 additions and 73 deletions

doc/user/application_security/index.md doc/user/application_security/index.md +2 -2

doc/user/application_security/sast/index.md doc/user/application_security/sast/index.md +73 -71

No files found.
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -63,7 +63,7 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
 | [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)**  | Analyze running web applications for known vulnerabilities.            |
 | [Secret Detection](secret_detection/index.md) **(ULTIMATE)**                 | Analyze Git history for leaked secrets.                                |
 | [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)**             | View vulnerabilities in all your projects and groups.                  |
-| [Static Application Security Testing (SAST)](sast/index.md) **(ULTIMATE)**   | Analyze source code for known vulnerabilities.                         |
+| [Static Application Security Testing (SAST)](sast/index.md)                  | Analyze source code for known vulnerabilities.                         |
 | [Coverage fuzzing](coverage_fuzzing/index.md) **(ULTIMATE)**                 | Find unknown bugs and vulnerabilities with coverage-guided fuzzing.    |

 ## Security Scanning with Auto DevOps

--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: reference, howto
 ---

-# Static Application Security Testing (SAST) **(ULTIMATE)**
+# Static Application Security Testing (SAST)

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.3.

@@ -26,7 +26,9 @@ You can take advantage of SAST by doing one of the following:
  [Auto DevOps](../../../topics/autodevops/index.md).

 GitLab checks the SAST report, compares the found vulnerabilities between the
-source and target branches, and shows the information right on the merge request.
+source and target branches.
+
+Details of the vulnerabilities found are included in the merge request. **(ULTIMATE)**

 ![SAST Widget](img/sast_v13_2.png)

@@ -56,7 +58,7 @@ To run SAST jobs, by default, you need a GitLab Runner with the
 [`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html) executor.
 If you're using the shared Runners on GitLab.com, this is enabled by default.

-Beginning with GitLab 13.0, Docker privileged mode is necessary only if you've [enabled Docker-in-Docker for SAST](#enabling-docker-in-docker).
+Beginning with GitLab 13.0, Docker privileged mode is necessary only if you've [enabled Docker-in-Docker for SAST](#enabling-docker-in-docker-ultimate).

 CAUTION: **Caution:**
 Our SAST jobs currently expect a Linux container type. Windows containers are not yet supported.
@@ -70,7 +72,7 @@ is **not** `19.03.0`. See [troubleshooting information](#error-response-from-dae
 The following table shows which languages, package managers and frameworks are supported and which tools are used.

 | Language (package managers) / framework                                                                                                          | Scan tool                                                                                                     | Introduced in GitLab Version                                                                                                                                          |
-|-----------------------------------------------------------------------------|----------------------------------------------------------------------------------------|------------------------------|
+|--------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | .NET Core                                                                                                                                        | [Security Code Scan](https://security-code-scan.github.io)                                                    | 11.0, [moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) to [GitLab Core](https://about.gitlab.com/pricing/) in 13.3                                          |
 | .NET Framework                                                                                                                                   | [Security Code Scan](https://security-code-scan.github.io)                                                    | 13.0, [moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) to [GitLab Core](https://about.gitlab.com/pricing/) in 13.3                                          |
 | Any                                                                                                                                              | [Gitleaks](https://github.com/zricethezav/gitleaks) and [TruffleHog](https://github.com/dxa4481/truffleHog)   | 11., [moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) to [GitLab Core](https://about.gitlab.com/pricing/) in 13.3                                           |
@@ -102,7 +104,7 @@ All open source (OSS) analyzers have been moved to the GitLab Core tier. Progres
 tracked in the corresponding
 [epic](https://gitlab.com/groups/gitlab-org/-/epics/2098).

-Please note that support for [Docker-in-Docker](#enabling-docker-in-docker)
+Please note that support for [Docker-in-Docker](#enabling-docker-in-docker-ultimate)
 will not be extended to the GitLab Core tier.

 #### Summary of features per tier
@@ -111,13 +113,13 @@ Different features are available in different [GitLab tiers](https://about.gitla
 as shown in the following table:

 | Capability                                                                         | In Core             | In Ultimate        |
-|:--------------------------------------------------------------------------|:--------------------|:-------------------|
+|:-----------------------------------------------------------------------------------|:--------------------|:-------------------|
 | [Configure SAST Scanners](#configuration)                                          | **{check-circle}**  | **{check-circle}** |
 | [Customize SAST Settings](#customizing-the-sast-settings)                          | **{check-circle}**  | **{check-circle}** |
 | View [JSON Report](#reports-json-format)                                           | **{check-circle}**  | **{check-circle}** |
 | [Presentation of JSON Report in Merge Request](#overview)                          | **{dotted-circle}** | **{check-circle}** |
-| [Interaction with Vulnerabilities](#interacting-with-the-vulnerabilities) | **{dotted-circle}** | **{check-circle}** |
-| [Access to Security Dashboard](#security-dashboard)                       | **{dotted-circle}** | **{check-circle}** |
+| [Interaction with Vulnerabilities](#interacting-with-the-vulnerabilities-ultimate) | **{dotted-circle}** | **{check-circle}** |
+| [Access to Security Dashboard](#security-dashboard-ultimate)                       | **{dotted-circle}** | **{check-circle}** |

 ## Contribute your scanner

@@ -203,7 +205,7 @@ you can use the `MAVEN_CLI_OPTS` environment variable.

 Read more on [how to use private Maven repositories](../index.md#using-private-maven-repos).

-### Enabling Docker-in-Docker
+### Enabling Docker-in-Docker **(ULTIMATE)**

 If needed, you can enable Docker-in-Docker to restore the SAST behavior that existed prior to GitLab
 13.0. Follow these steps to do so:
@@ -311,11 +313,11 @@ of CA certs that you want to trust within the SAST environment.
 The following are Docker image-related variables.

 | Environment variable      | Description                                                                                                                           |
-|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
 | `SECURE_ANALYZERS_PREFIX` | Override the name of the Docker registry providing the default images (proxy). Read more about [customizing analyzers](analyzers.md). |
 | `SAST_ANALYZER_IMAGE_TAG` | **DEPRECATED:** Override the Docker tag of the default images. Read more about [customizing analyzers](analyzers.md).                 |
 | `SAST_DEFAULT_ANALYZERS`  | Override the names of default images. Read more about [customizing analyzers](analyzers.md).                                          |
-| `SAST_DISABLE_DIND`          | Disable Docker-in-Docker and run analyzers [individually](#enabling-docker-in-docker). This variable is `true` by default. |
+| `SAST_DISABLE_DIND`       | Disable Docker-in-Docker and run analyzers [individually](#enabling-docker-in-docker-ultimate). This variable is `true` by default.   |

 #### Vulnerability filters

@@ -336,24 +338,24 @@ Some analyzers make it possible to filter out vulnerabilities under a given thre

 #### Docker-in-Docker orchestrator

-The following variables configure the Docker-in-Docker orchestrator, and therefore are only used when the Docker-in-Docker mode is [enabled](#enabling-docker-in-docker).
+The following variables configure the Docker-in-Docker orchestrator, and therefore are only used when the Docker-in-Docker mode is [enabled](#enabling-docker-in-docker-ultimate).

 | Environment variable                     | Default value | Description                                                                                                                                                                                                                                              |
-|------------------------------------------|---------------|-------------|
+|------------------------------------------|---------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `SAST_ANALYZER_IMAGES`                   |               | Comma-separated list of custom images. Default images are still enabled. Read more about [customizing analyzers](analyzers.md).                                                                                                                          |
 | `SAST_PULL_ANALYZER_IMAGES`              | 1             | Pull the images from the Docker registry (set to 0 to disable). Read more about [customizing analyzers](analyzers.md).                                                                                                                                   |
 | `SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT` | 2m            | Time limit for Docker client negotiation. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h` or `2h45m`.         |
 | `SAST_PULL_ANALYZER_IMAGE_TIMEOUT`       | 5m            | Time limit when pulling the image of an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h` or `2h45m`. |
-| `SAST_RUN_ANALYZER_TIMEOUT`              |     20m | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h` or `2h45m`.|
+| `SAST_RUN_ANALYZER_TIMEOUT`              | 20m           | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h` or `2h45m`.              |

 #### Analyzer settings

 Some analyzers can be customized with environment variables.

 | Environment variable                  | Analyzer             | Description                                                                                                                                                                                                                                |
-|---------------------------------------|----------------------|-------------|
+|---------------------------------------|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `SCAN_KUBERNETES_MANIFESTS`           | Kubesec              | Set to `"true"` to scan Kubernetes manifests.                                                                                                                                                                                              |
-| `KUBESEC_HELM_CHARTS_PATH`            | Kubesec              | Optional path to Helm charts that `helm` will use to generate a Kubernetes manifest that `kubesec` will scan. If dependencies are defined, `helm dependency build` should be ran in a `before_script` to fetch the necessary dependencies. |
+| `KUBESEC_HELM_CHARTS_PATH`            | Kubesec              | Optional path to Helm charts that `helm` will use to generate a Kubernetes manifest that `kubesec` will scan. If dependencies are defined, `helm dependency build` should be ran in a `before_script` to fetch the necessary dependencies. |
 | `KUBESEC_HELM_OPTIONS`                | Kubesec              | Additional arguments for the `helm` executable.                                                                                                                                                                                            |
 | `COMPILE`                             | SpotBugs             | Set to `false` to disable project compilation and dependency fetching. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/195252) in GitLab 13.1.                                                                                  |
 | `ANT_HOME`                            | SpotBugs             | The `ANT_HOME` environment variable.                                                                                                                                                                                                       |
@@ -471,13 +473,13 @@ Here's an example SAST report:

 Learn more about [Secret Detection](../secret_detection).

-## Security Dashboard
+## Security Dashboard **(ULTIMATE)**

 The Security Dashboard is a good place to get an overview of all the security
 vulnerabilities in your groups, projects and pipelines. Read more about the
 [Security Dashboard](../security_dashboard/index.md).

-## Interacting with the vulnerabilities
+## Interacting with the vulnerabilities **(ULTIMATE)**

 Once a vulnerability is found, you can interact with it. Read more on how to
 [interact with the vulnerabilities](../index.md#interacting-with-the-vulnerabilities).